Monthly Archives: November 2016

At the stage in their career where they are called a “security leader”, a security person will typically have a title like Chief Information Security Officer (CISO) or the equivalent at their organization. They will be the top person in Information Security. They may have a large staff underneath them performing the security functions, or they may be the security thought leader with the operational responsibilities spread throughout the IT organization.

Either way, the security leader is responsible for working with the other executives in the “C” Suite (CIO, COO, CEO, etc…) to set priorities and budget for the long term approach to information security. The job is often more about good relationships and finding common ground for business priorities than any of the technical aspects of security. Conversations are often about risk – both real and perceived – and how those risks could affect the business.

To be an effective security leader requires both vision (to set the goals) and persuasion (to lead the organization towards the goals). These come into play not only with the executives, but with staff as well. Sharing the vision and educating others on why security matters are important part of an effective security leader’s job.

To reach this job level you must switch mindsets from a technical to a business focus. Some can make this transition, some can’t, and some want to stay in the technical world. This is more about knowing yourself and where your interests lie. Pushing a person with high interpersonal skills and a business approach into looking at a senior management position makes sense. But don’t push a person (or yourself) into management if it is not a good fit – if they (or you) purely love the technical aspects of security and want to stay there, then stay. Be happy at what you do, and proud of it.

If you’ve reached this pinnacle in the security world, you did not do it on your own. Others believed in you, mentored you, and supported you in thousands of ways both big and small. Just as others did for you, it’s time for you to mentor and support others in the security field. If you started doing this earlier in your career, kudos, and step up your efforts! Bringing up the next generations of security leaders means starting at their early and middle stages, showing them support and encouragement. It means finding those special people in the middle and architect layers and mentoring them to gain the skills and experience to move up. Get them involved, show them that they can make a difference, encourage them to continue to grow and learn. When you volunteer your time to help others grow in the security field, you will be rewarded a thousand times over.